The system is missing one or more SuSE security patches. Note: After this update php4-recode can no longer be used at the same time as php4-mysql, php4-imap or apache2-mod_auth_mysql due to the RTLD_GLOBAL fixes. Please refer to /usr/share/doc/packages/php4/README.SuSE for details. This update fixes four security issues. The first and less important bug can be exploited by remote attackers to bypass HTML tag filtering (cross-site-scripting prevention) by supplying special tags. These kind of tags should be ignored because they are not valid but they get accepted by some commercial web-browsers. The second bug can be exploited by remote attackers by triggering the memory_limit in unsafe states of a PHP execution path to execute arbitrary code. The third and fourth bug depend in bad array parsing of the user input via GET, POST and COOKIE. One could lead to overwriting variable $_FILES, while the other could expose some pieces of the php memory to the attacker. Moreover, the dlopen() flag for opening php4 modules has been reverted back to RTLD_GLOBAL, as RTDL_LOCAL had some side effects when extensions like php4-unixODBC load their own libraries (unixODBC uses RTLD_GLOBAL).